
Commit 3dc465f

committed
Accept MaD sanitizers for queries with MaD sinks
1 parent 79cbf2f commit 3dc465f

7 files changed

+28
-0
lines changed

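--- a/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
@@ -118,4 +118,8 @@ module CodeInjection {
 private class ExternalCodeInjectionSink extends Sink {
 ExternalCodeInjectionSink() { ModelOutput::sinkNode(this, "code-injection") }
 }
+
+private class ExternalCodeInjectionSanitizer extends Sanitizer {
+ExternalCodeInjectionSanitizer() { ModelOutput::barrierNode(this, "code-injection") }
+}
 }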
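Review bot: The new `ExternalCodeInjectionSanitizer` class carries no QLDoc, whereas the existing sanitizer classes in this change set are documented (the `*/` that precedes `StringInterpolationAsSanitizer` in UrlRedirectCustomizations.qll); a one-line `/** A barrier node declared for the "code-injection" kind in a Models-as-Data (MaD) model. */` above the class would match the files' style. The same omission applies to the sibling classes added in CommandInjectionCustomizations.qll, LogInjectionQuery.qll, PathInjectionCustomizations.qll, ServerSideRequestForgeryCustomizations.qll, SqlInjectionCustomizations.qll and UrlRedirectCustomizations.qll. Since a `Sanitizer` is presumably used as a flow barrier by each query's configuration, a model row declaring a barrier for the kind now removes every path through that node, so the comment should also record that the kind string must stay identical to the one used by the paired `ModelOutput::sinkNode` sink class directly above it. The enclosing `module CodeInjection` starts outside the hunk.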

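--- a/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
@@ -57,4 +57,8 @@ module CommandInjection {
 private class ExternalCommandInjectionSink extends Sink {
 ExternalCommandInjectionSink() { ModelOutput::sinkNode(this, "command-injection") }
 }
+
+private class ExternalCommandInjectionSanitizer extends Sanitizer {
+ExternalCommandInjectionSanitizer() { ModelOutput::barrierNode(this, "command-injection") }
+}
 }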

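--- a/ruby/ql/lib/codeql/ruby/security/LogInjectionQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/LogInjectionQuery.qll
@@ -67,6 +67,10 @@ class HtmlEscapingAsSanitizer extends Sanitizer {
 HtmlEscapingAsSanitizer() { this = any(HtmlEscaping esc).getOutput() }
 }
 
+private class ExternalLogInjectionSanitizer extends Sanitizer {
+ExternalLogInjectionSanitizer() { ModelOutput::barrierNode(this, "log-injection") }
+}
+
 private module LogInjectionConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
 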
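--- a/ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll
@@ -57,4 +57,8 @@ module PathInjection {
 private class ExternalPathInjectionSink extends Sink {
 ExternalPathInjectionSink() { ModelOutput::sinkNode(this, "path-injection") }
 }
+
+private class ExternalPathInjectionSanitizer extends Sanitizer {
+ExternalPathInjectionSanitizer() { ModelOutput::barrierNode(this, "path-injection") }
+}
 }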

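--- a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
@@ -46,4 +46,8 @@ module ServerSideRequestForgery {
 private class ExternalRequestForgerySink extends Sink {
 ExternalRequestForgerySink() { ModelOutput::sinkNode(this, "request-forgery") }
 }
+
+private class ExternalRequestForgerySanitizer extends Sanitizer {
+ExternalRequestForgerySanitizer() { ModelOutput::barrierNode(this, "request-forgery") }
+}
 }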

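--- a/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll
@@ -61,4 +61,8 @@ module SqlInjection {
 private class ExternalSqlInjectionSink extends Sink {
 ExternalSqlInjectionSink() { ModelOutput::sinkNode(this, "sql-injection") }
 }
+
+private class ExternalSqlInjectionSanitizer extends Sanitizer {
+ExternalSqlInjectionSanitizer() { ModelOutput::barrierNode(this, "sql-injection") }
+}
 }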

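--- a/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
@@ -125,6 +125,10 @@ module UrlRedirect {
 */
 class StringInterpolationAsSanitizer extends PrefixedStringInterpolation, Sanitizer { }
 
+private class ExternalUrlRedirectSanitizer extends Sanitizer {
+ExternalUrlRedirectSanitizer() { ModelOutput::barrierNode(this, "url-redirection") }
+}
+
 /**
 * These methods return a new `ActionController::Parameters` or a `Hash` containing a subset of
 * the original values. This may still contain user input, so the results are tainted.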
